From c8eaca013a3922e8383def6158ece2b63f6ec483 Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Tue, 3 Mar 2015 10:43:48 +0300 Subject: Added type checks --- ext/soap/php_encoding.c | 21 ++++++++++++++------- ext/soap/soap.c | 6 ++++-- 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/ext/soap/php_encoding.c b/ext/soap/php_encoding.c index fd9e367872..31f1f7c800 100644 --- a/ext/soap/php_encoding.c +++ b/ext/soap/php_encoding.c @@ -404,12 +404,15 @@ static xmlNodePtr master_to_xml_int(encodePtr encode, zval *data, int style, xml encodePtr enc = NULL; HashTable *ht = Z_OBJPROP_P(data); - if (zend_hash_find(ht, "enc_type", sizeof("enc_type"), (void **)&ztype) == FAILURE) { + if (zend_hash_find(ht, "enc_type", sizeof("enc_type"), (void **)&ztype) == FAILURE || + Z_TYPE_PP(ztype) != IS_LONG) { soap_error0(E_ERROR, "Encoding: SoapVar has no 'enc_type' property"); } - if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS) { - if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS) { + if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS && + Z_TYPE_PP(zstype) == IS_STRING) { + if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS && + Z_TYPE_PP(zns) == IS_STRING) { enc = get_encoder(SOAP_GLOBAL(sdl), Z_STRVAL_PP(zns), Z_STRVAL_PP(zstype)); } else { zns = NULL; @@ -445,8 +448,10 @@ static xmlNodePtr master_to_xml_int(encodePtr encode, zval *data, int style, xml } if (style == SOAP_ENCODED || (SOAP_GLOBAL(sdl) && encode != enc)) { - if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS) { - if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS) { + if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS && + Z_TYPE_PP(zstype) == IS_STRING) { + if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS && + Z_TYPE_PP(zns) == IS_STRING) { set_ns_and_type_ex(node, Z_STRVAL_PP(zns), Z_STRVAL_PP(zstype)); } else { set_ns_and_type_ex(node, NULL, Z_STRVAL_PP(zstype)); @@ -454,10 +459,12 @@ static xmlNodePtr master_to_xml_int(encodePtr encode, zval *data, int style, xml } } - if (zend_hash_find(ht, "enc_name", sizeof("enc_name"), (void **)&zname) == SUCCESS) { + if (zend_hash_find(ht, "enc_name", sizeof("enc_name"), (void **)&zname) == SUCCESS && + Z_TYPE_PP(zname) == IS_STRING) { xmlNodeSetName(node, BAD_CAST(Z_STRVAL_PP(zname))); } - if (zend_hash_find(ht, "enc_namens", sizeof("enc_namens"), (void **)&znamens) == SUCCESS) { + if (zend_hash_find(ht, "enc_namens", sizeof("enc_namens"), (void **)&znamens) == SUCCESS && + Z_TYPE_PP(zname) == IS_STRING) { xmlNsPtr nsp = encode_add_ns(node, Z_STRVAL_PP(znamens)); xmlSetNs(node, nsp); } diff --git a/ext/soap/soap.c b/ext/soap/soap.c index 9ec6347223..d460c1718f 100644 --- a/ext/soap/soap.c +++ b/ext/soap/soap.c @@ -3979,7 +3979,8 @@ static xmlDocPtr serialize_response_call(sdlFunctionPtr function, char *function } if (version == SOAP_1_1) { - if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS) { + if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS && + Z_TYPE_PP(tmp) == IS_STRING) { size_t new_len; xmlNodePtr node = xmlNewNode(NULL, BAD_CAST("faultcode")); char *str = php_escape_html_entities((unsigned char*)Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), &new_len, 0, 0, NULL TSRMLS_CC); @@ -4004,7 +4005,8 @@ static xmlDocPtr serialize_response_call(sdlFunctionPtr function, char *function } detail_name = "detail"; } else { - if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS) { + if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS && + Z_TYPE_PP(tmp) == IS_STRING) { size_t new_len; xmlNodePtr node = xmlNewChild(param, ns, BAD_CAST("Code"), NULL); char *str = php_escape_html_entities((unsigned char*)Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), &new_len, 0, 0, NULL TSRMLS_CC); -- cgit v1.2.1